Nine Million EasyJet Customers Hacked

Uploaded on 2020-05-20 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

British budget airline EasyJet has said that nine million customer data, email addresses and travel details have been stolen and that 2,208 customers also had their credit card details hacked.

EasyJet say they first became aware of the attack in January. Stolen credit card data included the three digital security code, known as the CVV number, on the back of the card itself. It admitted that it has only gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks, saying that it will notify everyone affected by 26 May.

The airline did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting "company intellectual property" rather than information that could be used in identity theft. 

"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.....We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays," the company said.

Phishing 
Phishing attempts, which see criminals sending emails with links to fake web pages that steal personal data, have risen exponentially during the coronavirus crisis. Google blocks over 100 million phishing emails daily to Gmail users.
Under GDPR (General Data Protection Regulation), if EasyJet is found to have mishandled customer data, it could face fines of up to 4% of its annual worldwide turnover.

Generally, personal details can be used by fraudsters to access bank accounts, open accounts and take out loans in the innocent victims' names, make fraudulent purchases, or sell on to other criminals. The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.

Following a similar data breach at British Airways in 2018, some found this a frustrating and time-consuming task.
Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.

Everyone else, particularly EasyJet customers whose details have not been affected, must be alert to other unsolicited emails and messages. 

Fraudsters will likely try to impersonate as EasyJet, banks, or the authorities and claim to be dealing with this latest breach to defraud customers. They are simply trying to steal personal details themselves. Keep a close eye on credit card bills for anything untoward. You should change any passwords on affected accounts – and also any others if you used the same password elsewhere.

If you get a call from your bank or card company saying it has noticed fraudulent transactions, be on your guard. End the call and then phone the bank or card company back to check it was legitimate. Also, don’t hand over any passcodes or passwords to anyone, whoever they claim to be.

VOA News:   BBC:       Guardian:     Metro

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

Air Travel Needs Stronger Cyber Security:

 

 

 

 

« EU Parliament Suffers A Major Attack
Employees Lack Cyber Protection In Lockdown »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Bulletproof Cyber

Bulletproof Cyber

Bulletproof offer a range of security services, from penetration testing and vulnerability assessments to 24/7 security monitoring, and consultancy.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Assac Networks

Assac Networks

Assac Networks ShieldIT is an app that completely protects any BYOD smartphone from both tapping and hacking.

SensorHound

SensorHound

SensorHound’s mission is to improve the security and reliability of the Internet of Things (IoT).

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Slamm Technologies

Slamm Technologies

Slamm Technologies is a trusted IT firm that offers Cyber Security Support, Corporate IT Solutions and Professional IT Training courses with international certification.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

CyberMass

CyberMass

CyberMass provides Cyber Advisory/Consulting, Professional and Managed Services offering complete cybersecurity as a service protection to businesses.